CVE-2026-4519 webbrowser.open() allows leading dashes in URLs

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

CVE-2026-4519

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

PSF-2026-14

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

EUVD-2023-0503

Malicious code in bioql PyPI...

EUVD-2023-12192

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-17522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...

Linux Distros Unpatched Vulnerability : CVE-2022-45299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. CVE-2022-45299 Note th...

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

CVE-2025-31488 Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser

Plain Craft Launcher PCL is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE...

The vulnerability of the Lib/webbrowser.py component in the Python programming language allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Lib/webbrowser.py component of the Python interpreter is related to insufficient neutralization of special elements in requests. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

Command injection

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

CVE-2023-0093

CVE-2023-0093 affects Okta Advanced Server Access Client versions 1.13.1–1.65.0. The root cause is a vulnerable third‑party library, webbrowser , used by the ASA client, enabling command injection . Exploitation requires the user to be phished into entering an attacker‑controlled server URL durin...

SUSE CVE-2017-17522

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...

SUSE CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

GuiNistRs (=0.1.0), ablavema (=0.4.2) +330 more potentially affected by CVE-2022-45299 via webbrowser (>=0.1.3 <=0.8.15)

webbrowser CARGO version =0.1.3, =0.0.6, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.1, =0.1.0, =0.1.0, =1.0.9, =0.1.0, =0.1.2 - antigravity =0.0.5 and more Source cves: CVE-2022-45299 Source advisory: OSV:GHSA-M589-MV4Q-P7RJ...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...